Microsoft Office, Windows, .NET Framework, and Silverlight combined security update
Report ID: MS201205006
Date Published: 9 May 2012
Compromise Type: remote-code-execution denial-of-service privilege-escalation
Compromise From: remote local-system
Windows Server 2003
Windows Server 2008
Microsoft Server 2008 R2
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Microsoft Silverlight 4
Microsoft Silverlight 5
A combined security update for Microsoft Office, Windows, .NET Framework, and Silverlight has been released to address multiple vulnerabilities that could lead to remote code execution, denial of service attack, or escalation of privilege.
Microsoft has released a combined security update to resolve multiple vulnerabilities that were reported found in Microsoft Office, Windows, .NET Framework, and Silverlight.
Six remote code execution vulnerabilities were reported in those products, two of which involving TrueType font file, one involving .NET Framework, two involving Office GDI+, and one involving Silverlight.
There is one denial of service vulnerability in .NET Framework. It was caused by improper comparation of the value of an index within a Windows Presentation Foundation (WPF) application.
Finally, there are three escalation of privilege vulnerabilities that could allow an attacker to execute code in kernel mode. To exploit these three vulnerabilities, the attacker must first log on to the local system and run a specially crafted application.
All these vulnerabilities have been resolved through the combined security update, which introduces necessary changes and modification of vulnerable components. Users are recommended to install this latest update as a protection measure against potential exploit attempts.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-034)